CVE-2018-16270
First published: Wed Jan 22 2020(Updated: )
Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samsung Galaxy Gear Firmware | <re2 | |
| Samsung Galaxy Gear | ||
| Samsung Gear 2 Firmware | <re2 | |
| Samsung Gear 2 | ||
| Samsung Gear Live Firmware | <re2 | |
| Samsung Gear Live | ||
| Samsung Gear S Firmware | <re2 | |
| Samsung Gear S | ||
| Samsung Gear S2 Firmware | <re2 | |
| Samsung Gear S2 | ||
| Samsung Gear S3 Firmware | <re2 | |
| Samsung Gear S3 | ||
| Samsung Gear Sport Firmware | <re2 | |
| Samsung Gear Sport | ||
| Samsung Gear Fit Firmware | <re2 | |
| Samsung Gear Fit | ||
| Samsung Gear Fit 2 Firmware | <re2 | |
| Samsung Gear Fit 2 | ||
| Samsung Gear Fit 2 Pro Firmware | <re2 | |
| Samsung Gear Fit 2 Pro |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2018-16270.
What is the severity level of CVE-2018-16270?
The severity level of CVE-2018-16270 is high (7.5).
Which Samsung devices are affected by CVE-2018-16270?
The Samsung Galaxy Gear, Samsung Gear 2, Samsung Gear Live, Samsung Gear S, Samsung Gear S2, Samsung Gear S3, Samsung Gear Sport, Samsung Gear Fit, Samsung Gear Fit 2, and Samsung Gear Fit 2 Pro are affected by CVE-2018-16270.
How can an unprivileged process exploit the vulnerability in hcidump utility?
An unprivileged process can exploit the vulnerability in hcidump utility by dumping Bluetooth HCI packets to an arbitrary file path.
Are there any references related to CVE-2018-16270?
Yes, you can find more information about CVE-2018-16270 in the following references: [1](https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf) and [2](https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be).
- collector/nvd-index
- agent/tags
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/samsung
- canonical/samsung galaxy gear firmware
- canonical/samsung galaxy gear
- canonical/samsung gear 2 firmware
- canonical/samsung gear 2
- canonical/samsung gear live firmware
- canonical/samsung gear live
- canonical/samsung gear s firmware
- canonical/samsung gear s
- canonical/samsung gear s2 firmware
- canonical/samsung gear s2
- canonical/samsung gear s3 firmware
- canonical/samsung gear s3
- canonical/samsung gear sport firmware
- canonical/samsung gear sport
- canonical/samsung gear fit firmware
- canonical/samsung gear fit
- canonical/samsung gear fit 2 firmware
- canonical/samsung gear fit 2
- canonical/samsung gear fit 2 pro firmware
- canonical/samsung gear fit 2 pro